My RSS feed delivered me a very interesting article on security in the virtual world. The guy here, Sergio Castro, focused on VMTs (Virtual Machine Trojans).
He demonstrates his proof of concept with a downloadable virtual appliance. A bit scary, but in the end it is a wake-up call.
How many of us, me first, have already downloaded a virtual appliance and run it on the company’s network? Sure, they come from known sources, VMware.com for example, but this is not a 100% malware-safe certificate…
The industry took the virtualization path; we have to comply with it and update our security policies and our security tools as well!
VMware.com worked on the security issues and came out with VMsafe, a set of APIs that third-party vendors such as ThirdBrigade.com can use to develop tools and applications to extend security to hosts and virtual machines.
BTW, who is attending InfoSec 2009 in London?
Virtualization technology is such an efficient way of managing IT resources that there’s no doubt that in a very short time it will become the only way of doing it. But virtualization is still a new technology, and logically the information security aspect will lag behind for some time to come.
There are four types of security risks related to virtualization:
1) The normal, run-of-the-mill buffer overflow type any software package may have; there’s no escaping that. Take CVE-2002-0814 as an example.
2) The risk of the guest virtual machine taking control of the host physical machine. It’s easy to forget that the virtual machine is running on the same memory as the host. Therefore, the virtual machine could do a buffer overflow and take control of the underlying host machine. Such is the case of CVE-2005-4459.
3) The Blue Pill scenario, in which a virtual machine loads while the host machine is booting, and then mimics the host machine, to the point where the user does not know he/she is inside a virtual machine. In this way, the attacker has full control of the host machine, and the user would have a very hard time realizing he/she is not in control. (http://en.wikipedia.org/wiki/Blue_Pill_(malware)), (http://theinvisiblethings.blogspot.com/2006/06/introducing-blue-pill.html)
4) Virtual machine trojans, in which a seemingly benign virtual machine you download from the Internet contains a trojan.
The objective of this article is to talk about #4, Virtual Machine Trojans (VMTs).
Read more at Infosegura.net